Appl. No. National Stage of PCT/BR2005/000030 
Amendment dated September 8, 2006 

Amendments to the Claims: 

This listing of claims will replace all prior versions and listings of claims in the 
application: 

Listin2 of Claims: 

Claims 1-16 (canceled). 

Claim 17 (new). A method for identifying devices and controlling access to a 
service, comprising the steps of: 

collecting data related to software and hardware configurations from a device through 
a software agent; 

generating a digital signature for the device by hashing the software and hardware 
configuration data; and 

sending the digital signature of the device to an authentication server. 

Claim 18 (new). The method of claim 17, wherein the digital signature sent to 
the authentication server is encrypted. 

Claim 19 (new). The method of claim 17, wherein the software agent is installed 
on the device as part of the process of using the device to access a service. 

Claim 20 (new). The method of claim 17, wherein the hashes used to generate 
the digital signature are changed with every attempt to access a service, and the hashes cannot 
be reversed. 
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Claim 21 (new). The method of claim 17, wherein the digital signature is one of 

several stages of a framework of authorization and authentication processes governing access 

to the service by the device. 

Claim 22 (new). The method of claim 17, wherein the authentication server 
compares the digital signature sent with one or more previously-stored digital signatures. 

Claim 23 (new). The method of claim 22, wherein the authentication server 
determines whether the device has been excluded from accessing or enrolling in the service 
by determining whether the device is on a list or in a group of devices not allowed to access 
the service, or is included within a group of devices allowed to access the service. 

Claim 24 (new). The method of claim 22, wherein the authentication server 
allows a maximum number of enrollments for a particular device. 

Claim 25 (new). The method of claim 24, wherein the maximum number of 
enrollments is zero. 

Claim 26 (new). The method of claim 22, wherein the authentication server 
allows minor modifications to the software or hardware configurations of a previously- 
enrolled device so as to preserve access or denial of access for the device. 

Claim 27 (new). The method of claim 26, wherein the previously-stored digital 
signature of the device is updated to reflect the modifications. 
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Claim 28 (new). The method of claim 17, wherein the authentication server logs 

all accesses or attempted accesses by a device to the service. 

Claim 29 (new). The method of claim 17, wherein multiple devices can be 
registered for a single user with the authentication server to create a registration hierarchy. 

Claim 30 (new). The method of claim 29, wherein a user can unregister a device 
only through the device itself, or another device within the registration hierarchy registered 
earlier than the device to be unregistered. 

Claim 31 (new). A method for identifying devices and controlling access to a 
service, comprising the steps of: 

registering a device with an authentication server for access to the service; and 
verifying the identity of the device each time it subsequently attempts to access the 

service. 

Claim 32 (new). The method of claim 31, wherein the step of registering a 
device comprises the steps of: 

collecting data related to software and hardware configurations from the device 
through a software agent; 

generating a digital signature for the device by hashing the software and hardware 
configuration data; 

sending the digital signature of the device to the authentication server; 

verifying that the device is not on a list or in a group of devices not allowed to access 
the service, or is not a device with a maximum number of enrollments set to zero; 
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and registering the device as authorized to access the service. 

Claim 3 3 (new). The method of claim 31, wherein the step of verifying the 
identity of the device comprises the steps of: 

collecting data related to current software and hardware configurations from the 
device through a software agent; 

generating a digital signature for the device by hashing the software and hardware 
configuration data; 

sending the digital signature of the device to the authentication server; and 

comparing the digital signature sent with one or more previously-stored digital 
signatures for the device. 

Claim 34 (new). The method of claim 31, wherein the step of verifying the 
identity of the device comprises the steps of: 

collecting data related to current software and hardware configurations from the 
device through a software agent; 

generating a digital signature for the device by hashing the software and hardware 
configuration data; 

sending the digital signature of the device to the authentication server; and 

verifying that the device is not on a list or in a group of devices not allowed to access 
the service, or is not a device with a maximum number of enrollments set to zero. 

Claim 35 (new). A system for identifying devices and controlling access to a 
service, comprising the steps of: 
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a software agent installed on a device, adapted to collect data related to software and 
hardware configuration of the device; 

a digital signature for the device, generated by the software agent by hashing the 
software and hardware configuration data; and 

an authentication server that determines whether the device can access the service 
based upon the digital signature of the device. 



